New wave of cyberattacks by APT group Cloud Atlas on Russia's government sector

Published 31/10/2025 09:34 · Modified 31/10/2025 11:46

Essential information

Published
31/10/2025 09:34
Modified
31/10/2025 11:46
Tags
2025-10-31 apt bec attacks powershower
Related entities
20 observables, 1 intrusion sets (apt), 5 techniques (mitre), 1 malware, 3 others

Description

The Cloud Atlas group has launched a new wave of cyberattacks against Russia's defense industry. It builds malicious Microsoft Office files from document templates stolen from previously infected organizations, and strips the metadata from these documents so that the compromised source entities are not revealed. The group pivots between targeted companies using compromised email accounts (). The attacks focus on defense industry enterprises, with malicious documents disguised as invitations, anti-corruption checks, mobilization documents, employee records, and financial statements. Cloud Atlas uses the Google Sheets API for data exfiltration and employs the backdoor. The group's infrastructure has migrated to new servers and domains, indicating that the campaign is still being developed.

External references